FutureVuls API Samples#
This document explains how to access data on FutureVuls using curl with the FutureVuls API.
Filters are also available for the various lists, so you can access data using filters as well.
API Token
In the following sample code, xxxxxxxxxxxxx represents the value of your API token.
Please replace it with your actual API token when executing the commands.
Get Vulnerability List#
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/cves' | jq
{
"paging": {
"totalPage": 8,
"offset": 0,
"page": 1,
"limit": 20,
"totalCount": 158
},
"cves": [
{
"cveID": "CVE-2016-3191",
"scoreV2s": {
"jvn": 7.5,
"nvd": 7.5
},
"scoreV3s": {
"nvd": 9.8
},
"vectorV2s":
...
...
Get Server List#
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/servers' | jq
{
"paging": {
"totalPage": 1,
"offset": 0,
"page": 1,
"limit": 20,
"totalCount": 2
},
"servers": [
{
"id": 21384,
"serverUuid": "",
"hostUuid": "",
"serverName": "ip-192-168-0-188",
"serverIpv4": "192.168.0.188",
"platformName": "aws",
"platformInstanceId": "",
"serverroleId": 1522,
"serverroleName": "default",
"osFamily": "amazon",
"osVersion": "2017.03",
"needKernelRestart": false,
"lastScannedAt": "2018-12-17T00:05:22.376924Z",
"lastUploadedAt": "2018-12-17T00:05:28.254655Z",
"tags": [
{
"id": 363,
"name": "tag1"
}
],
"successScanCount": 12,
"createdAt": "2018-11-22T07:16:35.665921Z",
"updatedAt": "2018-12-17T00:05:28.289345Z"
},
{
"id": 23772,
"serverUuid": "",
"hostUuid": "",
"serverName": "dummy-server",
"serverIpv4": "",
"platformName": "",
"platformInstanceId": "",
"serverroleId": 1522,
"serverroleName": "default",
"osFamily": "pseudo",
"osVersion": "unknown",
"needKernelRestart": false,
"lastScannedAt": "2018-12-16T22:06:16.629504Z",
"lastUploadedAt": "2018-12-16T22:08:52.065021Z",
"successScanCount": 14,
"createdAt": "2018-12-03T07:34:01.676822Z",
"updatedAt": "2018-12-16T22:08:52.071344Z"
}
]
}
Create Paste Server#
For details on paste servers, please refer to the "Scan Manual".
See below for supported paste scan environments.
The following parameters must be specified in the request body. Please see below for how to obtain the parameters.
| Parameter | Type | Required |
|---|---|---|
| serverName | Name of the server to be registered | yes |
| osFamily | OS type | yes |
| osVersion | See details below | yes |
| kernelRelease | See details below | yes |
| kernelVersion | Windows, Debian only | ー |
| pkgPasteText | See details below | ー |
| windowsPkgPasteText | Windows only | ー |
Commands Required for the Create Paste Server API
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | windows |
| osVersion | "" (Specify an empty string) |
| kernelRelease | (Enter by selecting from Edition) |
| kernelVersion | $CurrentVersion = (Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion"); @($CurrentVersion.CurrentMajorVersionNumber, $CurrentVersion.CurrentMinorVersionNumber, $CurrentVersion.CurrentBuildNumber, $CurrentVersion.UBR) -join '.' |
| pkgPasteText | (Get-Hotfix | Select-Object -Property HotFixID | % { If ($_ -match '(KB\d{6,7})') { $Matches[0] }}) -Join ',' |
| windowsPkgPasteText | Get-Package | Select-Object Name, Version, ProviderName, @{Name='Publisher';Expression={$_.Metadata['Publisher']}} | Format-List | Out-String -Width 1024 |
Edition (Click to expand/collapse)
| name |
|---|
| Windows 10 for 32-bit Systems |
| Windows 10 for x64-based Systems |
| Windows 10 Version 1511 for 32-bit Systems |
| Windows 10 Version 1511 for x64-based Systems |
| Windows 10 Version 1607 for 32-bit Systems |
| Windows 10 Version 1607 for HoloLens |
| Windows 10 Version 1607 for x64-based Systems |
| Windows 10 Version 1703 for 32-bit Systems |
| Windows 10 Version 1703 for x64-based Systems |
| Windows 10 Version 1709 for 32-bit Systems |
| Windows 10 Version 1709 for ARM64-based Systems |
| Windows 10 Version 1709 for x64-based Systems |
| Windows 10 Version 1803 for 32-bit Systems |
| Windows 10 Version 1803 for ARM64-based Systems |
| Windows 10 Version 1803 for x64-based Systems |
| Windows 10 Version 1809 for 32-bit Systems |
| Windows 10 Version 1809 for ARM64-based Systems |
| Windows 10 Version 1809 for HoloLens |
| Windows 10 Version 1809 for x64-based Systems |
| Windows 10 Version 1903 for 32-bit Systems |
| Windows 10 Version 1903 for ARM64-based Systems |
| Windows 10 Version 1903 for HoloLens |
| Windows 10 Version 1903 for x64-based Systems |
| Windows 10 Version 1909 for 32-bit Systems |
| Windows 10 Version 1909 for ARM64-based Systems |
| Windows 10 Version 1909 for x64-based Systems |
| Windows 10 Version 2004 for 32-bit Systems |
| Windows 10 Version 2004 for ARM64-based Systems |
| Windows 10 Version 2004 for HoloLens |
| Windows 10 Version 2004 for x64-based Systems |
| Windows 10 Version 20H2 for 32-bit Systems |
| Windows 10 Version 20H2 for ARM64-based Systems |
| Windows 10 Version 20H2 for x64-based Systems |
| Windows 10 Version 21H1 for 32-bit Systems |
| Windows 10 Version 21H1 for ARM64-based Systems |
| Windows 10 Version 21H1 for x64-based Systems |
| Windows 10 Version 21H2 for 32-bit Systems |
| Windows 10 Version 21H2 for ARM64-based Systems |
| Windows 10 Version 21H2 for x64-based Systems |
| Windows 10 Version 22H2 for 32-bit Systems |
| Windows 10 Version 22H2 for ARM64-based Systems |
| Windows 10 Version 22H2 for x64-based Systems |
| Windows 11 Version 21H2 for ARM64-based Systems |
| Windows 11 Version 21H2 for x64-based Systems |
| Windows 11 Version 22H2 for ARM64-based Systems |
| Windows 11 Version 22H2 for x64-based Systems |
| Windows 11 Version 23H2 for ARM64-based Systems |
| Windows 11 Version 23H2 for x64-based Systems |
| Windows Server 2016 |
| Windows Server 2016 for x64-based Systems |
| Windows Server 2016 for x64-based Systems (Server Core installation) |
| Windows Server 2016 (Server Core installation) |
| Windows Server 2019 |
| Windows Server 2019 (Server Core installation) |
| Windows Server 2022 |
| Windows Server 2022, 23H2 Edition (Server Core installation) |
| Windows Server 2022 (Server Core installation) |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | redhat |
| osVersion | awk '{print $6}' /etc/redhat-release |
| kernelRelease | uname -r |
| kernelVersion | cat /etc/redhat-release |
| pkgPasteText | rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{SOURCERPM}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | amazon |
| osVersion | awk '{if ($0 ~ /Amazon Linux release (2022\|2023)/) print $4; else if ($0 ~ /Amazon Linux release 2/) printf("%s %s\n",$4, $5); else if ($0 ~ /Amazon Linux 2/) for (i=3; i<=NF; i++) printf("%s ", $i); else if (NF==5) print $5}' /etc/system-release |
| kernelRelease | uname -r |
| pkgPasteText | rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{MODULARITYLABEL} %{SOURCERPM}\n" |
| pkgPasteText if version is 2 |
repoquery --all --pkgnarrow=installed --qf="%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH} %{UI_FROM_REPO} %{SOURCERPM}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | debian |
| osVersion | cat /etc/debian_version |
| kernelRelease | uname -r |
| kernelVersion | dpkg-query -W -f="\${Version}\n" linux-image-$(uname -r) |
| pkgPasteText | dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${source:Package},\${source:Version}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | ubuntu |
| osVersion | lsb_release -sr \| awk '{print $1}' |
| kernelRelease | uname -r |
| pkgPasteText | dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${source:Package},\${source:Version}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | fedora |
| osVersion | awk '{print $3}' /etc/fedora-release |
| kernelRelease | uname -r |
| pkgPasteText | rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{SOURCERPM}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | alma |
| osVersion | awk '{print $3}' /etc/redhat-release |
| kernelRelease | uname -r |
| pkgPasteText | rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{SOURCERPM}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | rocky |
| osVersion | awk '{print $4}' /etc/redhat-release |
| kernelRelease | uname -r |
| pkgPasteText | rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{SOURCERPM}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | oracle |
| osVersion | awk '{print $5}' /etc/oracle-release |
| kernelRelease | uname -r |
| pkgPasteText | rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{SOURCERPM}\\\n" |
| Info | Command |
|---|---|
| serverName | Name of the server to be registered |
| osFamily | ・opensuse ・opensuse.leap ・suse.linux.enterprise.server ・suse.linux.enterprise.desktop |
| osVersion | grep -oP '(?<=VERSION_ID=").+(?=")' /etc/os-release |
| kernelRelease | uname -r |
| pkgPasteText | rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{SOURCERPM}\\\n" |
Registering an Ubuntu server#
$ curl -s -X POST 'https://rest.vuls.biz/v1/server/paste' \
-H 'Content-Type: application/json' \
-H 'accept: application/json' \
-H 'Authorization:xxxxxxxxxxxxx' \
-d '{
"serverName":"vuls-paste-server-ubuntu",
"osFamily":"ubuntu",
"kernelRelease":"5.15.133.1",
"osVersion":"22.04",
"pkgPasteText":"hostname,ii ,3.23ubuntu2,,3.23ubuntu2\n dpkg,ii ,1.21.1ubuntu2.3,,1.21.1ubuntu2.3\n grep,ii ,3.7-1build1,,3.7-1build1"
}'
Registering a Windows server#
$ curl -s -X POST 'https://rest.vuls.biz/v1/server/paste' \
-H 'Content-Type: application/json' \
-H 'accept: application/json' \
-H 'Authorization:xxxxxxxxxxxxx' \
-d '{
"serverName":"vuls-paste-server-windows",
"osFamily":"windows",
"osVersion": "",
"kernelRelease": "Windows Server 2022",
"kernelVersion":"10.0.19045.4412",
"pkgPasteText":"KB5036608,KB5012170,KB5015684,KB5037768,KB5014032,KB5020372",
"windowsPkgPasteText":"Name :Docker Desktop\nVersion : 4.25.1\nProviderName : Programs\nName : Everything 1.4.1.1022 (x64)\nVersion : 1.4.1.1022\nProviderName : Programs\nName : Git\nVersion : 2.37.0\nProviderName : Programs"
}'
Add Lockfile#
| Parameter | Description | Notes |
|---|---|---|
| serverID | ID of the server to add the lockfile to | How to get serverID |
| path | Path and filename of the lockfile | Supported Lockfiles |
| fileContent | Content of the lockfile |
curl -s -X POST -H 'Content-Type: application/json' -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/lockfile' -d '{ "serverID": 192730, "path": "/REST_API/go.sum", "fileContent": "github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=\n github.com/go-gitea/gitea v1.2.3 h1:L0SC8kIr3+UnxNAte9M9bmdQ8Bdrc6I5b4Zuz/T+NCw=\n github.com/go-gitea/gitea v1.2.3/go.mod h1:g8iUbfFNyuJp8u7GsSggxI8NQyuxeGTyqxogl3imbQM=\n github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=\n github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=\n golang.org/x/crypto v0.0.0-20180820150726-614d502a4dac/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=\n golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=\n golang.org/x/crypto v0.0.0-20190122013713-64072686203f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=\n golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=\n golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=\n golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\n golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\n golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\n golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\n golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\n golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\n golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\n golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\n golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\n golang.org/x/crypto v0.0.0-20191119213627-4f8c1d86b1ba h1:9bFeDpN3gTqNanMVqNcoR/pJQuP5uroC3t1D7eXozTE=\n golang.org/x/crypto v0.0.0-20191119213627-4f8c1d86b1ba/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=\n gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=\n gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\n gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\n gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\n"}'
Download Server SBOM#
You can download server information registered in FutureVuls as an SBOM. A JSON response with an embedded download URL will be returned, so you need to send another request to download the file.
| Parameter | Description | Notes |
|---|---|---|
| serverID | ID of the server to generate the SBOM for | How to get serverID |
| format | Generation format for the SBOM | Select from cyclonedx_json, cyclonedx_xml (required) |
# Request a temporarily authenticated download URL
$ curl -s -H 'Accept:application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/server/XXXX/sbom?format=cyclonedx_json' | jq
{
"url": "https://vuls-sbom-stg.s3.ap-northeast-1.amazonaws.com/XXXX/XXXX/XXXXX-XXXXXXX.cyclonedx.json?X-Amz-Algorithm=...&X-Amz-Credential=...&X-Amz-Date=...&X-Amz-Expires=...&X-Amz-Security-Token=..."
}
# To download the file, send another request
$ curl -s -O $(curl -s -H 'Accept:application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/server/XXXX/sbom?format=cyclonedx_json' | jq -r '.url')
Get Task List#
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/tasks?filterStatus=new&&filterStatus=investigating&&filterStatus=ongoing&&filterStatus=workaround&&filterStatus=patch_applied' | jq
{
"paging": {
"totalPage": 8,
"offset": 0,
"page": 1,
"limit": 20,
"totalCount": 157
},
"tasks": [
{
"id": 1331193,
"cveID": "CVE-2014-9402",
"serverID": 21384,
"serverUuid": "",
"serverName": "ip-192-168-0-188",
"serverTags": [
"tag1"
],
"osFamily": "amazon",
"osVersion": "2017.03",
"roleID": 1522,
"roleName": "default",
"hasExploit": false,
"hasMitigation": false,
"hasWorkaround": false,
"pkgCpeNames": [
"glibc",
"glibc-common",
"glibc-devel",
"glibc-headers"
],
"pkgNotFixedYet": false,
"applyingPatchOn": "1970-01-01T00:00:00Z",
"status": "new",
"priority": "none",
"ignore": false,
"detectionTools": [
{
"name": "vuls"
}
],
"advisoryIDs": [
"ALAS-2018-1017"
],
"createdAt": "2018-11-22T07:16:39.677041Z",
"updatedAt": "2018-12-17T00:05:28.289345Z"
},
{
"id": 1331194,
"cveID": "CVE-2015-5180",
"serverID": 21384,
"serverUuid": "",
"serverName": "ip-192-168-0-188",
"serverTags": [
"tag1"
],
"osFamily": "amazon",
"osVersion": "2017.03",
"roleID": 1522,"
...
...
Statuses Retrievable via the Get Task List API
By default, the Get Task List API only retrieves tasks with status=["new", "investigating", "ongoing"].
To retrieve tasks of all statuses, specify each one with filterStatus.
Available values : new, investigating, ongoing, defer, not_affected, risk_accepted, workaround, patch_applied
Default value : List [ "new", "investigating", "ongoing" ]
Get Task Comments in Batch#
You can retrieve comments for multiple tasks at once. This is more efficient than retrieving task details individually, helping to avoid rate limits.
| Parameter | Description | Notes |
|---|---|---|
| taskIDs | List of task IDs to retrieve | Min 1, max 100 |
| commentTypes | Types of comments to retrieve | Select from user, api, system (default: ["user", "api"]) |
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/taskComments?taskIDs=1331193&taskIDs=1331194&commentTypes=user&commentTypes=api' | jq
[
{
"taskID": 1331193,
"comments": [
{
"id": 12345,
"comment": "調査中です",
"type": "user",
"userID": 1,
"userName": "user-name",
"createdAt": "2024-01-15T10:30:00Z",
"updatedAt": "2024-01-15T10:30:00Z"
},
{
"id": 12346,
"comment": "対応完了しました",
"type": "api",
"userID": 2,
"userName": "api-user",
"createdAt": "2024-01-16T14:20:00Z",
"updatedAt": "2024-01-16T14:20:00Z"
}
]
},
{
"taskID": 1331194,
"comments": [
{
"id": 12347,
"comment": "パッチ適用予定",
"type": "user",
"userID": 1,
"userName": "user-name",
"createdAt": "2024-01-17T09:00:00Z",
"updatedAt": "2024-01-17T09:00:00Z"
}
]
}
]
Get Deleted Software List#
You can get a list of software that has been removed from servers due to version upgrades or other changes. This allows you to identify old software versions before an upgrade.
For details, see the "Behavior When Upgrading Software" note in "Software".
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/groupSet/deletedPkgCpes' | jq
{
"paging": {
"totalPage": 1,
"offset": 0,
"page": 1,
"limit": 20,
"totalCount": 3
},
"pkgCpes": [
{
"serverSoftwareID": 10,
"pkgID": 10,
"name": "openssl",
"version": "1.1.1",
"serverID": 501,
"serverUuid": "hoge-fuga",
"serverName": "app-server-1",
"group": {
"ID": 1,
"groupName": "group01"
}
}
]
}
Get Group Set Vulnerability Information#
You can retrieve vulnerability information (CVSS, CWE, references, etc.) associated with multiple CVEs at once.
| Parameter | Description | Notes |
|---|---|---|
| cveIDs | List of CVE IDs to retrieve | Min 1, max 100 |
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/groupSet/cveVulnInfos?cveIDs=CVE-2023-1234&cveIDs=CVE-2023-5678' | jq
[
{
"cveID": "CVE-2023-1234",
"cvss": {
"nvd": {
"v2Score": 7.5,
"v2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"v3Score": 9.8,
"v3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
...
},
"cwes": [
{
"cweID": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
],
"references": {
"nvd": "https://nvd.nist.gov/vuln/detail/CVE-2023-1234"
},
"exploitLevel": "high",
"hasExploit": true,
"hasMitigation": true
},
{
"cveID": "CVE-2023-5678",
"cvss": {
"nvd": {
"v3Score": 7.5,
"v3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
...
},
"cwes": [
{
"cweID": "CWE-400",
"name": "Uncontrolled Resource Consumption"
}
],
"references": {
"nvd": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678"
},
"hasExploit": false,
"hasMitigation": false
}
]
Filtering with Parameters#
This section explains how to use the API's filter parameters.
No Date Filter#
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/tasks?limit=1000'
Get Tasks Created After May 17, 2024 (JST)#
Use filterNewedAtAfter to filter by creation date.
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/tasks?limit=1000&filterNewedAtAfter=2024-05-16T15:00:00Z'
# ex. To count the number of tasks
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/tasks?limit=1000&filterNewedAtAfter=2024-05-16T15:00:00Z' | jq .tasks[].newedAt | wc -l
Get Tasks Created Between May 17 and May 23, 2024 (JST)#
Combine filterNewedAtAfter and filterNewedAtBefore to filter by a date range.
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/tasks?limit=1000&filterNewedAtAfter=2024-05-16T00:00:00Z&filterNewedAtBefore=2024-05-22T15:00:00Z'
Get Tasks Whose Status Changed to PATCH_APPLIED After a Certain Date#
Combine filterStatusUpdatedAfter and filterStatus to filter by status change date.
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/groupSet/tasks?filterStatusUpdatedAtAfter=2025-07-14T00:00:00Z&filterStatus=patch_applied'
Get Software with Supply Chain Risk Updated within the Last 24 Hours#
By using filterSupplyChainRiskUpdatedAtAfter, you can extract software whose supply chain risk (EOL, malicious packages, etc.) has been updated since the specified time.
This allows you to identify software with newly detected supply chain risks.
# Specify the date and time 24 hours ago (e.g., 2026-01-28T00:00:00Z)
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/groupSet/pkgCpes?filterSupplyChainRiskUpdatedAtAfter=2026-01-28T00:00:00Z' | jq
Note on filterSupplyChainRiskUpdatedAtAfter
filterSupplyChainRiskUpdatedAtAfter filters by the supply chain risk update time (updated_at). This includes not only new EOL detections but also updates such as:
- Status changes (e.g., NEW → CLOSED)
- Assignee changes
- EOL date changes
- Changes in detection method or reason
- New detection of malicious packages
Therefore, you cannot extract only software with newly detected EOL.
Get Software Created After a Specific Date and Time#
By using filterCreatedAtAfter, you can extract software that was registered in FutureVuls or had its version upgraded since the specified time.
For details, see the "Behavior When Upgrading Software" note in "Software".
# Get software created after January 1, 2026
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/groupSet/pkgCpes?filterCreatedAtAfter=2026-01-01T00:00:00Z' | jq
Get Software Deleted After a Specific Date and Time#
By using filterServerID and filterDeletedAtAfter, you can extract software that was deleted from a specific server after a specified time.
# Get software deleted after January 1, 2026
curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/groupSet/deletedPkgCpes?filterDeletedAtAfter=2026-01-01T00:00:00Z&filterServerID=501' | jq
Register Private EOL#
This API registers EOL information for in-house products or commercial software not listed on the official endoflife.date, at the organization level. For an overview of the feature, see "Registering Private EOL Information".
Use the organization API token issued in the Organization Settings.
Endpoints#
| HTTP Method | URL | Description |
|---|---|---|
| GET | /v1/org/privateEndoflifeDates | Get list (filterable with filterProductName / filterReleaseCycle) |
| POST | /v1/org/privateEndoflifeDate | Create |
| PUT | /v1/org/privateEndoflifeDate/{privateEndoflifeDateID} | Update |
| DELETE | /v1/org/privateEndoflifeDate/{privateEndoflifeDateID} | Delete |
Request Parameters (Create / Update)#
| Parameter | Type | Required | Description |
|---|---|---|---|
productName |
string | yes | Product name. Must be unique within the organization in combination with releaseCycle |
releaseCycle |
string | yes | Release cycle (version series). Example: 1.0 |
eolAt |
string | yes | EOL (end of standard support) date and time (RFC3339). If the software is already EOL but the date is unknown, specify 1970-01-01T00:00:00Z |
purlList |
array[string] | - | List of PURLs for matching (max 100). Specify without a version (example: pkg:generic/product-name) |
cpeList |
array[string] | - | List of CPE URIs for matching (max 100). Specify without a version (example: cpe:/a:vendor:product-name for applications, cpe:/o:vendor:product-name for OS) |
extendedSupportAt |
string | - | Extended support end date and time (RFC3339) |
eolReason |
string | - | Reason / memo |
Note: Required (yes) indicates fields required when creating (POST). For updates (PUT), all fields other than privateEndoflifeDateID are optional.
Get List (GET)#
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/org/privateEndoflifeDates' | jq
# Filter by productName
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/org/privateEndoflifeDates?filterProductName=my-internal-product' | jq
# Filter by releaseCycle
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/org/privateEndoflifeDates?filterReleaseCycle=1.0' | jq
# Filter by both productName and releaseCycle
$ curl -s -H 'accept: application/json' -H 'Authorization:xxxxxxxxxxxxx' 'https://rest.vuls.biz/v1/org/privateEndoflifeDates?filterProductName=my-internal-product&filterReleaseCycle=1.0' | jq
Create (POST)#
$ curl -s -X POST 'https://rest.vuls.biz/v1/org/privateEndoflifeDate' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization:xxxxxxxxxxxxx' \
-d '{
"productName": "my-internal-product",
"releaseCycle": "1.0",
"purlList": ["pkg:generic/my-internal-product"],
"cpeList": ["cpe:/a:my-company:my-internal-product"],
"eolAt": "2030-06-30T00:00:00Z",
"eolReason": "EOL policy for in-house products"
}' | jq
{
"id": 1,
"productName": "my-internal-product",
"releaseCycle": "1.0",
"purlList": ["pkg:generic/my-internal-product"],
"cpeList": ["cpe:/a:my-company:my-internal-product"],
"eolAt": "2030-06-30T00:00:00Z",
"eolReason": "EOL policy for in-house products",
"createdAt": "2026-06-03T00:00:00Z",
"updatedAt": "2026-06-03T00:00:00Z"
}
Update (PUT)#
Specify the ID of the record to update (the id from the Get List response) in the path.
Include only the fields you want to update in the request body (fields that are not included remain unchanged). Specify at least one updatable field.
To reset extendedSupportAt / eolReason to unset (NULL), specify extendedSupportAtNull / eolReasonNull as true, respectively (mutually exclusive with specifying a value).
$ curl -s -X PUT 'https://rest.vuls.biz/v1/org/privateEndoflifeDate/1' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization:xxxxxxxxxxxxx' \
-d '{
"eolAt": "2031-06-30T00:00:00Z",
"eolReason": "Extended support"
}' | jq
Delete (DELETE)#
Specify the ID of the record to delete (the id from the Get List response) in the path.
$ curl -s -X DELETE 'https://rest.vuls.biz/v1/org/privateEndoflifeDate/1' \
-H 'Authorization:xxxxxxxxxxxxx'